exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2021-23792

почти 4 года назад

The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered.

CVSS3: 7.3

EPSS: Низкий

CVE-2021-23792

почти 4 года назад

The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered.

CVSS3: 7.3

EPSS: Низкий

CVE-2021-23792

почти 4 года назад

The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 ar ...

CVSS3: 7.3

EPSS: Низкий

GHSA-pjch-4g28-fxx7

почти 4 года назад

External Entity Reference in TwelveMonkeys ImageIO

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2021-23792 The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered.	CVSS3: 7.3	0% Низкий	почти 4 года назад
CVE-2021-23792 The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered.	CVSS3: 7.3	0% Низкий	почти 4 года назад
CVE-2021-23792 The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 ar ...	CVSS3: 7.3	0% Низкий	почти 4 года назад
GHSA-pjch-4g28-fxx7 External Entity Reference in TwelveMonkeys ImageIO	CVSS3: 9.8	0% Низкий	почти 4 года назад

Уязвимостей на страницу